EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen

GET /whoami HTTP/2
• Jasmin Landry
• JR0ch17
• Lead, IT & Security at
• Montreal Canadiens fan

GET /agenda HTTP/2
• EASM
• Common mistakes
• Hacker perspective

GET /EASM HTTP/2
• What exactly is EASM?
• What does it cover?
• Why is it important?

GET /common_mistakes HTTP/2
• Lack of Change Management
• Not respecting Least Privilege
• Misconfigured WAFs
• Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
• Thank you for listening
• Questions?
• More questions? DMs are open on and